[linux-security] Re: Serious Linux 2.0.34 security problem (fwd)

[Jon Lewis <jlewis inorganic5 fdt net>]

On Sun, 5 Jul 1998, Linux mailing list user wrote:

> > The fix is to invert !euid to euid in fs/fcntl.c:send_sigio(); line number
> > is approximately 139.
> 
> A much simpler fix is to update to a 2.0.35preX kernel (X>=3).

Actually, this is such a trivial bug to fix, that for many it probably
makes more sense to edit fs/fcntl.c and recompile rather than suject
themselves to the latest pre-release kernel...unless they like testing
pre-releases.

Just out of curiosity...word of this broke in linux-kernel and bugtraq in
the last days of June.  Were the linux-security moderators away on
holiday, or do they live in a time zone several days behind the rest of
the world?

[mod: Moderators have other stuff to do besides keeping an eye on
linux-security. I've actually been pretty busy lately: I currently
have three clients shouting that they want stuff done NOW. Anyway, I
still try to find the time to moderate linux-security once a day. 

But this doesn't have anything to do with what you mention: I don't go
and find stuff on Linux-kernel and forward it here. I let someone else
do that. So if you see something on another mailing list, and think
its relevant, go ahead and forward it.

Regards,

Roger Wolff 
Your Moderator. ]



------------------------------------------------------------------
 Jon Lewis <jlewis fdt net>  |  Spammers will be winnuked or 
 Network Administrator       |  drawn and quartered...whichever
 Florida Digital Turnpike    |  is more convenient.
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____